Construction of l-Dynamic Frameproof

In the case of sequential frameproof codes improved convergence times can be achieved when the number of traitors is limited. In a dynamic situation, however, we will see that once we suppose there is more than one traitor we do not in fact gain anything by considering limits on the number of traitors: two traitors can do as much damage as n_{− 1 traitors.}

An l-dynamic frameproof code that uses an alphabet Q =_{{0, 1, . . . , q −1},} and works for users U = _{u0, u1, . . . , un−1} and any number c < n of traitors

in time l =log_q  _n

q−1
 + 1 ≈ logq(n) is constructed as follows:

Construction 5.3. Let l = logq

 _n

q₋₁
 + 1; let Q = {0, 1, . . . , q − 1} and

U = _{u0, u1, . . . un−1}. Denote by qij the jth digit in the q-ary expansion of the

integer i _{≥ 0. We define functions D}1: U → Q and Dj: Qj−1 × U → Q for

2_{≤ j ≤ l − 1 as follows:} Dj(Ξj, ui) = qij′, where i′ _{∈1, 2, . . . } n q−1 and i′ ≡ i (mod  n q−1).

This ensures that each q-ary sequence of length l_{− 1 will have been received} by up to q _{− 1 users over the first l − 1 time segments. At most q − 1 users} will have received sequences of marks matching the pirate broadcast sequence Ξl = {ξi}i=1l−1; denote these users (if they exist) by w1, w2, . . . wq₋₁. We then

define

Dl(Ξl, ui) =

(

x if ui = wx,

0 otherwise.

This ensures that any user whose sequence matches the pirate’s over the first l− 1 segments receives a unique symbol at time l. This is illustrated by the following example.

Example 5.2 Suppose there are 18 users u0, u1, . . . , u17, and a mark alphabet

{0, 1, 2}. The following table shows how the marks are allocated to the users according to the above construction, based on a particular pirate broadcast sequence. 1 2 3 u0 0 0 1 u1 1 0 0 u2 2 0 0 u3 0 1 0 u4 1 1 0 u5 2 1 0 u6 0 2 0 u7 1 2 0 u8 2 2 0 u9 0 0 2 u10 1 0 0 u11 2 0 0 u12 0 1 0 u13 1 1 0 u14 2 1 0 u15 0 2 0 u16 1 2 0 u17 2 2 0 T 0 0 0

Users u0 and u9 have been framed over the first two segments so at time

3 user u0 is given the symbol 1 and u9 the symbol 2 while all other users

receive 0. A valid pirate broadcast sequence for this distribution will satisfy ξ3 = 0, therefore in this case the pirate broadcast sequence is 0, 0, 0, which

does not correspond to the sequence received by any user. Hence framing has not occurred.

This construction does not depend on the potential size of the pirate coali- tion. If we compare the code of this example with the sequential frameproof code resulting from Construction 4.6 we see that in the latter case ₃₋₁18 = 9 time segments are required to prevent framing, instead of the log3 ₃₋₁18
+ 1 = 3

required here. Thus the extra information available in the dynamic setting allows us to prevent framing much more quickly than when using sequential

constructions. 

In the example framing was prevented in time logq

 _n

q−1
 + 1; we now

show that the construction indeed achieves this in general.

Theorem 5.4. The functions resulting from Construction 5.3 constitute an l-dynamic c-frameproof code for any c_{≥ 0.}

Proof. By the construction of Dl any user whose sequence matched the pirate

broadcast over the first l _{− 1 segments (i.e. any user who was framed over} that time) is given a unique mark at time l. For any valid pirate broadcast sequence none of these users’ received marks matches the pirate’s at time l, thus there is no user who is framed over the entire interval. The functions defined in this construction hence constitute a logq

 _n

q−1
 + 1
-dynamic

c-frameproof code for any c ≥ 0, as the construction is independent of the

value of c. 

If the number of users is n = qk_{(q− 1) then the convergence time of the}

code yielded by this construction is l = k + 1. This is in fact optimal for this number of users, a result which is a corollary of the following lemma.

protects n users from framing using an alphabet of size q exists if and only if n ≤ qk_{(q− 1).}

Proof. In the case where n _{≤ q}k_{(q− 1) the existence of a (k + 1)-dynamic}

2-frameproof code is demonstrated by Construction 5.3. To prove the converse we use induction on k.

Let P (k) be the proposition that the existence of a q-ary (k + 1)-dynamic 2-frameproof code protecting n users implies n_{≤ q}k_{(q− 1).}

We prove P (1) is true: suppose the number of users is greater than q(q_−1). By the pigeon-hole principle there exists some set S of at least q users who receive the same marked segment during the first time interval. As we have q(q_{− 1) users but our alphabet only has q marks, some user u ∈ S will receive} the same marked segment as some other user t2 (not necessarily in S) during

the second time interval. Let t1 ∈ S \ {u}, but note that t1 and t2 are not

necessarily distinct. Then the sequence D1(t1), D2(D1(t1), t2) is a valid pirate

broadcast sequence for the pirate T =_{t1, t2}, which can thus frame u /∈ T as

D1(u) = D1(t1) and D2(D1(t1), u) = D2(D1(t1), t2). Therefore no matter how

the functions D1 and D2 allocate the marks it is impossible to guarantee that

framing will not occur when n > q(q− 1). Hence P (1) is true.

Assume that P (j) is true for some j, then each (j+1)-dynamic 2-frameproof code requires the number of users to be less than or equal to qj_{(q− 1). Sup-}

pose there exists a (j + 2)-dynamic 2-frameproof code{Dα}j+2_α=1 for more than

qj+1_{(q− 1) users and an alphabet of size q. Then there is some subset S of}

users who will be given the same marked segment m during the first time interval, with |S| > qj_{(q− 1). After this time interval, define a new family}

of functions {Eγ}j+1_γ=1 with E1: S → Q and Eγ: Qγ−1 × S → U by setting

then ¯Ξγ is the sequence ξ2, ξ3, . . . , ξγ+1. We claim that the family of functions

{Eγ}j+1γ=1 is a (j + 1)-dynamic 2-frameproof code for user set S, for otherwise

there exists a valid pirate broadcast sequence {ξ2, ξ3, . . . ξj+2} corresponding

to a pirate set T with |T | ≤ 2, and some user u ∈ S \ T with E1(u) = ξ2

and Ei(ξ2, ξ3, . . . , ξi, u) = ξi+1 for i = 2, 3, . . . j + 1. As the members of T are

in S then during the first segment they must have received the symbol m, as did user u. Hence the pirate T is capable of framing user u over all time segments from t = 1 to j + 2. This contradicts the assumption that {Dα}j+2_α=1

is (j + 2)-dynamic 2-frameproof. Thus we conclude that {Eγ}j+1_γ=1 is in fact

(j + 1)-dynamic 2-frameproof. However S has more than qj_{(q− 1) members,}

which contradicts our inductive assumption. Hence P (j) ⇒ P (j + 1), and therefore P (k) is true for all k≥ 1.  Construction 5.3 demonstrates the existence of a (k + 1)-dynamic frame- proof code protecting qk_{(q−1) users from any number 1 ≤ c ≤ n−1 of traitors.}

By the above lemma we see that a (k + 1)-dynamic c-frameproof code exists only if n _{≤ q}k−1_{(q− 1) for any c with 2 ≤ c ≤ n − 1. Hence we obtain the}

following theorem.

Theorem 5.6. An l-dynamic c-frameproof code protecting n users with c > 1 exists if and only if n_{≤ q}l−1_{(q− 1).}

If the number of users exceeds qk−1_{(q− 1) the convergence time must be}

at least k + 1, from which we deduce:

Corollary 5.7. The convergence time of the code resulting from Construc- tion 5.3 is optimal for the given number of users and alphabet size.

The case where there is known to be precisely one traitor differs slightly. In this situation a pirate is some user t, who can only frame an innocent

user u if they have received the same sequences, so Di(t) = Di(Ξi, u) for all

i = 1, 2, . . . l. From this we deduce the following theorem.

Theorem 5.8. A q-ary l-dynamic 1-frameproof code protecting n users exists if and only if n≤ ql_.

Proof. If the marked segments are distributed so that each user receives a dis- tinct sequence of l symbols then no user can frame another. There are exactly ql _{length l sequences with symbols from an alphabet of size q; if there are q}l

users it is therefore possible to allocate a unique sequence to each user. This demonstrates the existence of q-ary l-dynamic 1-frameproof codes protecting ql _users.

Now suppose that the number of users is at least ql_{+ 1. At time 1 sup-}

pose the pirate broadcasts the symbol that was received by the largest num- ber of users. Denote the set of users receiving this symbol by S1. Then

|S1| ≥ l ql₊₁ q m = ql_{−1+ 1 (for l}

≥ 1). Suppose that at time 2 the pirate broad- casts the symbol received by the largest number of users in set S1. Denote by

S2 the set of users whose received sequence corresponds with the pirate broad-

cast over the first two segments. Then|S2| ≥ ql−2+ 1. Repeating this process,

at time l− 1 there is a set Sl₋₁ of size q + 1 whose sequences correspond to

the pirate broadcast over the first l time segments. At time l, therefore, two of the users in Sl₋₁ receive the same mark. If the pirate broadcasts this mark

at this time it follows that either of these users is capable of having produced the entire pirate broadcast, so that one of them may be the pirate who has thus framed the other user. Thus we claim that when the number of users exceeds ql _{it is impossible to guarantee that a single traitor will not frame an}

Chapter 6

Sliding-Window Dynamic

Frameproof Codes

In this chapter we undertake to apply the extra information provided in the dy- namic setting to create schemes similar to the sequential frameproof codes but having shorter convergence times; sliding-window l-dynamic frameproof codes are the result. We start by observing that such schemes can be constructed from dynamic frameproof codes and provide a bound on the convergence time that is tight for certain numbers of users. After giving a new construction for these schemes we then restrict our attention to schemes using a binary alphabet, and describe another construction which provides a model that is exploited by later constructions. We discuss a sufficient condition for a mark distribution to constitute a sliding-window l-dynamic framproof code and de- rive a bound on the convergence time of schemes satisfying this condition, showing that it is tight in many cases. This is followed by an examination of a geometric model that facilitates the study of a particular class of these schemes; finally, we determine a bound on the convergence times of schemes constructed geometrically.

6.1

The Sliding-Window Model

The dynamic frameproof codes described in the previous chapter can be used to prevent framing over one particular length l window. Sequential frameproof codes, on the other hand, have the property that they can be applied contin- uously to ensure protection from framing over any window of l consecutive time segments; we refer to this as the sliding-window model. This difference between the sequential and dynamic frameproof codes reflects a difference in how they might be used: a sequential frameproof code can be used throughout the broadcast and the broadcaster can be confident that framing will not occur, whereas a dynamic frameproof code may be applied at a particular time once the broadcaster suspects that framing is occurring. Using a dynamic frame- proof code from time t to time t + l_{− 1 the broadcaster can reassure each user} that he or she will not have been framed over this time interval; this is perhaps not so useful if the pirate simply decides instead to frame some user from time t + 1 onwards. The main difference in the construction of dynamic frameproof codes compared with schemes that work in the sliding-window model is that in the latter case the broadcaster does not know in advance over which interval the pirate might frame some user. The dynamic frameproof codes described in the previous chapter will no longer protect all users if the first segment over which they are applied is ignored, whereas a sliding-window frameproof code will not only protect users from being framed from time t to t + l_{− 1, but also} from time t + 1 to t + l and so on.

Example 6.1 Suppose U ={u0, u1, u2, u3} and Q = {0, 1} and let l = 3. The

five time segments with a dynamic frameproof code resulting from Construc- tion 5.3 applied over the first three.

1 2 3 4 5 u0 0 0 1 0 0 u1 0 1 0 0 1 u2 1 0 0 1 0 u3 1 1 0 1 1 T 0 0 0 1 0

The use of a dynamic frameproof code prevents framing over the first three segments; however, the pirate is able to frame user u2 over segments 2 to 5,

indicating that this mark distribution does not prevent framing in the sliding-

window model. _

So far we have seen sequential frameproof codes that work in the sliding- window model and dynamic frameproof codes that do not. It would be ad- vantageous if we could use the dynamic setting to create schemes offering sliding-window frameproof protection but having shorter convergence times (i.e. having shorter window length l) than sequential codes; it is not immedi- ately clear that this is possible, however. Consider an l-dynamic c-frameproof code. In an analogue to Lemma 4.2 it can be applied repeatedly starting at times 1, l + 1, 2l + 1 and so on. This will ensure that framing cannot occur over any 2l_{− 1 consecutive time segments, since a time interval of that size nec-} essarily includes one complete application of the code. Hence sliding-window functionality is acheived. The following example shows that greatly improved convergence times can be obtained by such methods.

Example 6.2 Suppose there are 2_{× 3}10 _{users (slightly more than 10}5 _users),

and you wish to use an alphabet of size three to prevent framing by any num- ber of traitors. Construction 4.6 results in a ternary l-sequential frameproof code with l = 310_{. Construction 5.3, however, yields an l-dynamic frameproof}

code with l = 11. As per the argument above applying this code repeatedly enables the prevention of framing over any intervals of length 2l − 1 = 21. Thus we see that making use of the information in the pirate broadcast se- quence can allow us to continually prevent framing much more efficiently for a given alphabet size.  In order to further explore this idea we introduce the concept of a sliding- window l-dynamic frameproof code.

Definition 6.1. A sliding-window l-dynamic frameproof code is a countable family of functions {Dα}∞α=1 where D1: U → Q and Dα: Qα−1 × U → Q for

α > 1 with the property that for any valid pirate broadcast sequence {ξj}αj=1

corresponding to a pirate T there is no legitimate user u _{∈ U \ T and time} i_{≤ α − l with D}j(Ξj, u) = ξj for all j = i, i + 1, . . . i + l− 1.

A sliding-window l-dynamic frameproof code therefore prevents each user from being framed over any window of l consecutive time segments. The code described in the above example, which protects qk_{(q− 1) users, is thus a}

sliding-window (2k + 1)-dynamic frameproof code.

As in the case of sequential codes we refer to l as the convergence time of the code. It would be natural to wonder what is the smallest convergence time lq,n for which a sliding-window lq,n-dynamic frameproof code exists for

an alphabet of size q and user set U with _{|U| = n. The above discussion} implies that lq,qk_(q−1) ≤ 2k+1. Furthermore, since restricting a sliding-window

lq,qk_(q−1)-dynamic frameproof code to the first l_q,qk_(q−1) time intervals gives an

ordinary lq,qk_(q−1)-dynamic frameproof code, we have that

We show in Theorem 6.2 that this bound can be improved to lq,qk_(q−1) ≥ k + 2.

This is tight when k = 1 and hence lq,q(q−1) = 3, as shown in Corollary 6.3.

Theorem 6.2. Let q ≥ 2. If there exists a q-ary sliding-window l-dynamic frameproof code protecting qk_{(q− 1) users then}

l ≥ k + 2.

Proof. We know that l ≥ k + 1. Suppose {Dα}∞α=1 is a sliding-window

(k + 1)-dynamic frameproof code protecting n = qk_{(q − 1) users. We refer}

to a segment in which at least one user receives a mark not received by any other user at that time as a protection segment. Suppose that at each time t prior to the first protection segment the pirate broadcast consists of the marked segment that ensures that the greatest possible number of users have been framed over segments 1 to t. Then the first protection segment must oc- cur within the first l segments, or else at least one user will have been framed over this time, as in the proof of Lemma 4.5.

Suppose that the first protection segment occurs at some time j0 and sup-

pose the pirate broadcast at this time is the symbol ξj0 received by the greatest

number of users at this time. Denote the set of users who received this symbol by S0, and let h0 = |S0| ≥

_n−1

q₋₁ = q

k_{. At time j}

0 + 1 there exists a mark

ξj0+1 received by at least h1 =

_h0

q  ≥ q

k−1 _{users; denote the set of such users}

by S1 and suppose the pirate broadcast at this time consists of this mark.

Continuing in this manner we find that at time j0+ k− 1 there are hk−1 ≥ q

users who have been framed over the k segments from j0 to j0 + k− 1. As

the number of users is greater than k, at least one user u_{∈ S}k−1 will receive

a mark at time j0 + k that has been received by some other user t1; suppose

user t2 ∈ Sk−1 \ {u}, not necessarily distinct from t1. The set T = {t1, t2}

is capable of having produced the pirate broadcast from time j0 to jk and

thereby framing u over this period. We note further that the set T′ _{= U\ {u}}

is capable of having produced the entire broadcast from time 0 to j0+ k, since

the fact that no segment prior to j0 was a protection segment implies that

each mark broadcast by the pirate was received by at least one user in T′_,

as |T′_{| = n − 1. Thus for any sliding-window (k + 1)-dynamic frameproof}

code protecting qk_{(q− 1) users there exists a pirate T′ capable of framing a}

user u /∈ T′ _{over some window of k + 1 consecutive time segments, which is}

a contradiction. Hence we conclude that for any sliding-window l-dynamic frameproof code protecting qk_{(q− 1) users we require l ≥ k + 2.}

 In the case where k = 1, Theorem 6.2 allows us to determine the exact value of lq,qk_(q−1).

Corollary 6.3. Suppose q > 2. Then

lq,q_(q−1) = 3.

Proof. We know that k + 2 _{≤ l}q,q_(q−1) ≤ 2k + 1 by the intial observations of

this section and by Theorem 6.2, but for k = 1 we have k + 2 = 2k + 1 = 3.  For k > 1, however, there is still a discrepancy between the upper and lower bounds for lq,qk_(q−1). The following new construction requires q > 2

but yields a convergence time lq,n = ⌈logq₋₁(n)⌉ + 1, which results in a re-

duction of the upper bound for lq,qk_(q−1) when k > 1

2−logq−1q, since we have

that _⌈logq₋₁(qk(q− 1))⌉ + 1 < 2k + 1 if ⌈logq₋₁(qk)⌉ < 2k − 1. This holds if

⌈logq₋₁q⌉ < 2 − k1, thus k > 1 2−logq−1q.

Now logq₋₁q is a decreasing function when q > 2 and approaches a limit

1 as q → ∞. Hence we conclude that for k > 2 Construction 6.4 leads to a bound on lq,qk_(q−1) that is an improvement on that arising from Example 6.2.

Construction 6.4. Suppose q > 2 and let Q = {0, 1, . . . q − 2} ∪ {∞} and U = {u0, u1, . . . un−1}. Let l = ⌈logq−1(n)⌉ + 1. Denote by q

j

i the jth digit in

the (q−1)-ary expansion of the integer i ≥ 0. We define functions D1: U → Q

and Dj: Qj−1× U → Q for j > 1 as follows:

D1(ui) = qi1 Dj(ui) =      ∞ if Dα(Ξα, ui) = ξα for all α = j − l + 1, j − l + 2, . . . j − 1, qj_i′ otherwise, where j′ _{∈ {1, 2, . . . , l − 1}} and j′ _{≡ j (mod l − 1).}

When this construction is used, a user ui receives the l− 1 digits of the

(q− 1)-ary expansion of the integer i repeatedly, unless that user has been framed over the l− 1 previous segments, in which case he or she receives the protection symbol ∞. This is illustrated in the following example.

Example 6.3 1 2 3 4 5 6 7 8 9 u0 0 0 0 0 0 0 0 0 0 u1 0 1 ∞ 1 0 1 0 1 0 u2 0 2 0 2 0 2 0 2 0 u3 0 3 0 3 0 3 0 3 0 u4 1 0 1 0 1 0 1 0 1 u5 1 1 1 1 1 1 1 ∞ 1 u6 1 2 1 2 1 2 1 2 1 u7 1 3 1 3 1 3 1 3 1 u8 2 0 2 0 2 ∞ 2 0 2 u9 2 1 2 1 2 1 ∞ 1 2 u10 2 2 2 2 2 2 2 2 2 u11 2 3 2 3 2 3 2 3 2 u12 3 0 3 0 ∞ 0 3 0 3 u13 3 1 3 ∞ 3 1 3 1 3 u14 3 2 3 2 3 2 3 2 3 u15 3 3 3 3 3 3 3 3 3 T 0 1 3 0 2 1 1 1 0

Suppose there are sixteen users u0, . . . u15, and an alphabet Q = {0, 1, 2, 3, ∞}.

The table above demonstrates how marks are allocated by the functions con- structed above over the first nine time intervals based on a particular example of a sequence broadcast by some pirate.

For q = 5 and n = 16 we have ⌈logq−1(n)⌉ + 1 = 3. The symbol ∞ is

broadcast whenever a user has been framed over consecutive time intervals.  The functions arising from Construction 6.4 define a q-ary sliding-window (⌈logq−1(n)⌉+1)-dynamic frameproof code. To prove this we need the following

lemma.

Lemma 6.5. If marks{0, 1, . . . , q−2}∪{∞} are allocated to n users according to the functions defined in Construction 6.4 then at every time i_{≥ 1 at most} one user receives the symbol _∞.

Proof. We use strong induction on i. As before, we let l =_⌈logq₋₁(n)⌉ + 1.

Let P (i) be the proposition that at time i at most one user receives the symbol _∞.

Then P (i) is true for i = 1, 2, . . . , l since no user receives the symbol ∞ in the first l−1 time segments; during this time the user ui receives the sequence

of numbers corresponding to the (q− 1)-ary expansion of i. As such, no two users have received the same sequence of marks over the first l time intervals. This implies that at most one user has received a sequence corresponding to that broadcast by the pirate; such a user receives ∞ at time l and the others all receive the first number of their (q− 1)-ary expansion.

Assume P (h−l+2), P (h−l+3), . . . , P (h) are true. If the pirate broadcasts ∞ at some time between h − l + 2 and h no innocent user is framed at that time, hence no user receives ∞ at time h + 1.

We now assume that the pirate has not broadcast ∞ at any time during that interval. Any user who has received ∞ during that time can not be framed over time h− l + 2, h − l + 3, . . . , h and thus will not receive ∞ at time h + 1. Any user ui who did not receive ∞ at any time during that interval received

a cyclic shift of the (q − 1)-ary expansion of i. No two users have the same such expansion, thus at most one user has received a sequence corresponding to that broadcast by the pirate, and hence receives ∞ at time h + 1.

Thus P (h− l + 2), P (h − l + 3), . . . , P (h) ⇒ P (h + 1), and so P (i) is true

for all i≥ 1. 

We are now in a position to prove the desired result.

In document Dynamic Frameproof Codes (Page 57-72)